Difference between revisions of "Talk:Fail2ban"
(Replaced content with "Fine. Usually I'm told to put forum stuff into the wiki. Bound to happen the other way around. Have appended to the thread that 'tried' to point to the unwanted piece in t...") |
(install fail2ban-subnets) |
(3 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
+ | |||
+ | ==Proposed addition to "user contributions" section== | ||
+ | [[User:Mmccarn|Mmccarn]] ([[User talk:Mmccarn|talk]]) 04:43, 19 August 2017 (CEST) | ||
+ | |||
+ | Note: these procedures get the files installed and allow fail2ban and fail2ban-subnets to run without any errors, but I don't know if fail2ban is actually working after making these changes... | ||
+ | |||
+ | ===Ban offending subnets=== | ||
+ | [https://forums.contribs.org/index.php/topic,51127.msg276126.html#msg276126 Holck found a reference] to an add-on for fail2ban that bans subnets with repeated offences from multiple IPs. | ||
+ | |||
+ | "[https://github.com/XaF/fail2ban-subnets fail2ban-subnets] aims to provide a way to ban subnets of IPs repeatingly banned by fail2ban for multiple offenses." | ||
+ | |||
+ | ====Prerequisites==== | ||
+ | * [[Fail2ban#Installation_sme8_and_sme9]] | ||
+ | * Git | ||
+ | |||
+ | ====Installation==== | ||
+ | <nowiki>mkdir -p ~/addons | ||
+ | cd ~/addons | ||
+ | git clone https://github.com/XaF/fail2ban-subnets.git | ||
+ | # mkdir -p /etc/fail2ban/action.d.local /etc/fail2ban/filter.d.local | ||
+ | cp ~/addons/fail2ban-subnets/action.d.local/iptables-subnet.conf /etc/fail2ban/action.d/iptables-subnet.local | ||
+ | cp ~/addons/fail2ban-subnets/filter.d.local/subnets.conf /etc/fail2ban/filter.d/subnets.local | ||
+ | cat ~/addons/fail2ban-subnets/jail.local >> /etc/fail2ban/jail.local | ||
+ | service fail2ban restart | ||
+ | </nowiki> | ||
+ | |||
+ | ====Test==== | ||
+ | <nowiki>cd ~/addons/fail2ban-subnets | ||
+ | perl fail2ban-subnets.py | ||
+ | </nowiki> | ||
+ | |||
+ | ====Activate hourly updates==== | ||
+ | cp ~/addons/fail2ban-subnets/fail2ban-subnets.py /etc/cron.hourly | ||
+ | |||
+ | ====Remove==== | ||
+ | <nowiki># remove the custom action and filter | ||
+ | 'rm' /etc/fail2ban/action.d/iptables-subnet.local | ||
+ | 'rm' /etc/fail2ban/filter.d/subnets.local | ||
+ | # | ||
+ | # if you have other fail2ban custom jails you may need to edit /etc/fail2ban/jail.local | ||
+ | # otherwise, you can remove the entire file using | ||
+ | # | ||
+ | 'rm' /etc/fail2ban/jail.local | ||
+ | # | ||
+ | # remove the hourly cron job | ||
+ | 'rm' /etc/cron.hourly/fail2ban-subnets.py | ||
+ | # | ||
+ | # restart fail2ban | ||
+ | signal-event fail2ban-conf | ||
+ | service fail2ban restart | ||
+ | </nowiki> | ||
+ | |||
+ | |||
+ | ==Proposed update for the checklist_ban script== | ||
+ | [[User:Mmccarn|Mmccarn]] ([[User talk:Mmccarn|talk]]) 14:54, 7 May 2017 (CEST) | ||
+ | |||
+ | <nowiki>#!/bin/bash | ||
+ | #lancer le script en sudo | ||
+ | echo -e "Jail failed / banned" | ||
+ | |||
+ | JAILS=$(fail2ban-client status | grep " Jail list:" | sed 's/`- Jail list://g' | sed 's/,//g') | ||
+ | for j in $JAILS | ||
+ | do | ||
+ | jail="$j " | ||
+ | failed=$(fail2ban-client status $j | grep " Currently failed:" | sed 's/[^0-9]*//') | ||
+ | banned=$(fail2ban-client status $j | grep " Currently banned:" | sed 's/[^0-9]*//') | ||
+ | echo -e "${jail:0:20} $failed / $banned" | ||
+ | done | ||
+ | </nowiki> | ||
+ | |||
+ | |||
Fine. Usually I'm told to put forum stuff into the wiki. Bound to happen the other way around. Have appended to the thread that 'tried' to point to the unwanted piece in the wiki. | Fine. Usually I'm told to put forum stuff into the wiki. Bound to happen the other way around. Have appended to the thread that 'tried' to point to the unwanted piece in the wiki. | ||
+ | ---- | ||
+ | @Piran: don't take comments personally to quickly. HFW just pointed out that to keep the wiki readable it needs some style (see: [[Help:Wiki_Manual_of_Style|Wiki Manual of Style]]). I've added the most important parts to the page, the rest i would keep as your personal notes. |
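Review bot: In the Installation block, `cat ~/addons/fail2ban-subnets/jail.local >> /etc/fail2ban/jail.local` appends unconditionally, so running the procedure twice duplicates the jail definition, and the Remove block can only undo it by hand-editing the file or deleting it whole; skip the append when the section is already present and have Remove name the lines to delete. The Test step runs a `.py` file with `perl fail2ban-subnets.py`; name the Python interpreter or execute the script directly. The cron step copies the script from an unpinned `git clone` into `/etc/cron.hourly`, where it runs as root every hour, so the instructions should check out a reviewed commit and set root ownership and a non-writable mode on the copy. The opening note says it is unknown whether fail2ban still works after these changes; ending the Test section with `fail2ban-client status` would at least confirm the new jail is listed. In checklist_ban, quote `$j` in both `fail2ban-client status $j` calls and translate the `#lancer le script en sudo` comment.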
Latest revision as of 03:43, 19 August 2017
Proposed addition to "user contributions" section
Mmccarn (talk) 04:43, 19 August 2017 (CEST)
Note: these procedures get the files installed and allow fail2ban and fail2ban-subnets to run without any errors, but I don't know if fail2ban is actually working after making these changes...
Ban offending subnets
Holck found a reference to an add-on for fail2ban that bans subnets with repeated offences from multiple IPs.
"fail2ban-subnets aims to provide a way to ban subnets of IPs repeatingly banned by fail2ban for multiple offenses."
Prerequisites
* Fail2ban#Installation_sme8_and_sme9
* Git
Installation
 mkdir -p ~/addons
 cd ~/addons
 git clone https://github.com/XaF/fail2ban-subnets.git
 # mkdir -p /etc/fail2ban/action.d.local /etc/fail2ban/filter.d.local
 cp ~/addons/fail2ban-subnets/action.d.local/iptables-subnet.conf /etc/fail2ban/action.d/iptables-subnet.local
 cp ~/addons/fail2ban-subnets/filter.d.local/subnets.conf /etc/fail2ban/filter.d/subnets.local
 cat ~/addons/fail2ban-subnets/jail.local >> /etc/fail2ban/jail.local
 service fail2ban restart
Test
 cd ~/addons/fail2ban-subnets
 perl fail2ban-subnets.py
Activate hourly updates
cp ~/addons/fail2ban-subnets/fail2ban-subnets.py /etc/cron.hourly
Remove
 # remove the custom action and filter
 'rm' /etc/fail2ban/action.d/iptables-subnet.local
 'rm' /etc/fail2ban/filter.d/subnets.local
 #
 # if you have other fail2ban custom jails you may need to edit /etc/fail2ban/jail.local
 # otherwise, you can remove the entire file using
 #
 'rm' /etc/fail2ban/jail.local
 #
 # remove the hourly cron job
 'rm' /etc/cron.hourly/fail2ban-subnets.py
 #
 # restart fail2ban
 signal-event fail2ban-conf
 service fail2ban restart
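The idea quoted above, escalating from per-address bans to a subnet ban once several addresses in one range have been banned, as an added example that is not part of the original post and is not the fail2ban-subnets code. The log lines, the /24 prefix and both thresholds are assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the "[jail] Ban <ip>" part of a fail2ban.log line.
BAN_RE = re.compile(r"\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\S+)")

# Constructed sample log lines (documentation address ranges), not real data.
SAMPLE_LOG = """\
2017-08-19 01:02:03,111 fail2ban.actions[911]: WARNING [ssh] Ban 203.0.113.5
2017-08-19 01:07:40,222 fail2ban.actions[911]: WARNING [ssh] Ban 203.0.113.77
2017-08-19 01:09:12,333 fail2ban.actions[911]: WARNING [ssh] Unban 203.0.113.5
2017-08-19 01:15:55,444 fail2ban.actions[911]: WARNING [qpsmtpd] Ban 203.0.113.140
2017-08-19 02:01:00,555 fail2ban.actions[911]: WARNING [ssh] Ban 198.51.100.9
2017-08-19 02:30:00,666 fail2ban.actions[911]: WARNING [ssh] Ban 198.51.100.9
2017-08-19 03:00:00,777 fail2ban.actions[911]: WARNING [ssh] Ban not-an-ip
"""


def subnets_to_ban(log_text, prefix_len=24, min_ips=3, min_bans=3):
    """Return {subnet: (distinct_ips, bans)}; the defaults are assumed values."""
    ips = defaultdict(set)    # subnet -> distinct banned addresses
    bans = defaultdict(int)   # subnet -> number of Ban events
    for line in log_text.splitlines():
        m = BAN_RE.search(line)
        if not m:
            continue          # "Unban" and unrelated lines are skipped
        try:
            addr = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue          # malformed address in the log
        if addr.version != 4:
            continue          # this example only groups IPv4
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        ips[net].add(addr)
        bans[net] += 1
    return {
        str(net): (len(ips[net]), bans[net])
        for net in ips
        if len(ips[net]) >= min_ips and bans[net] >= min_bans
    }


if __name__ == "__main__":
    for net, (n_ips, n_bans) in subnets_to_ban(SAMPLE_LOG).items():
        print(f"{net}: {n_ips} addresses, {n_bans} bans")
```

Requiring several distinct addresses, not just several bans, keeps one repeatedly banned host from getting its whole range blocked.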
Proposed update for the checklist_ban script
Mmccarn (talk) 14:54, 7 May 2017 (CEST)
 #!/bin/bash
 # run the script with sudo
 echo -e "Jail                 failed / banned"

 JAILS=$(fail2ban-client status | grep " Jail list:" | sed 's/`- Jail list://g' | sed 's/,//g')
 for j in $JAILS
 do
   # pad the jail name so the first column is 20 characters wide
   jail="$j                    "
   failed=$(fail2ban-client status "$j" | grep " Currently failed:" | sed 's/[^0-9]*//')
   banned=$(fail2ban-client status "$j" | grep " Currently banned:" | sed 's/[^0-9]*//')
   echo -e "${jail:0:20} $failed / $banned"
 done
Fine. Usually I'm told to put forum stuff into the wiki. Bound to happen the other way around. Have appended to the thread that 'tried' to point to the unwanted piece in the wiki.
@Piran: don't take comments personally too quickly. HFW just pointed out that to keep the wiki readable it needs some style (see: Wiki Manual of Style). I've added the most important parts to the page, the rest I would keep as your personal notes.